A person drawing a picture of a flower with a green pencil

PRISM

Smart Contract Analysis and Security Check for the NFT Marketplace

Blockchain
Smart Contracts
NFT
Marketplace
Art
Security

Blockchain
Smart Contracts
NFT
Marketplace
Art
Security

About the client

NuPay Technologies is a blockchain corporation dedicated to creating innovative and sustainable products. The company aims to unlock the limitless potential of digital assets while having a minimal impact on the environment. One of the first steps towards their goals was the development of the PRISM NFT marketplace.

Details

Website:prismnfts.com
Location:USA
Date:2022

PRISM is an all-purpose, next generation NFT marketplace developed by NuPay Technologies.
PRISM allows creators to publish and sell their artworks to buyers who can either collect or resell them. The platform has already attracted many popular artists such as Leena Al Ayoobi, Arthur Pardini, Léo Caillard, Christophe Vacher, and Daniel Cheong.

Team

Project manager
Business analyst
Lead developer
DevOps
Solidity developer
2
Full-Stack developer
QA

Client’s request

The customer wanted to make sure that their system was 100% secured on the smart contract side.

They wanted our team to:

Analyze existing smart contracts on the NFT marketplace
Detect bugs and identify security vulnerabilities
Fix the errors and eliminate all possible issues
Hammer down the Ethereum transaction mechanisms
Enable highly secure transactions
Ensure smooth user flow

The client also requested us to:

Add a migration tool that would allow developers to update smart contracts with new features if the community is eager to do so
Connect a Chainlink Oracle to the Ethereum blockchain that PRISM is powered by
Do CI/CD preparations
Add security filters
Prepare environment architecture for development, staging, and production

Work done

Our blockchain professionals have analyzed PRISM smart contracts, identified key pain points, bugs, and vulnerabilities, and given advice on how to keep the platform running smoothly. We fixed all the issues detected and afterwards successfully passed a smart contract audit conducted by a third party.

Details

The interface of a homepage of the PRISM NFT Marketplace

The interface of an NFT listing page of the PRISM NFT Marketplace

The interface of a login screen of the PRISM NFT Marketplace

* The design of layouts was provided by the client.

User flow

We started our work by studying the project. It was especially important to keep the original user flow designed by the client.

Notably, the process of selling and buying NFTs on PRISM is done manually. Here is what it looks like:

1
The artist publishes their NFT and sets a starting price for it
2
Users evaluate the particular NFT and send their price proposals to the artist
3
The artist chooses who they want to sell their NFT to and accepts the offer
4
The artist receives the payment and sends their NFT to the buyer

Our tasks

Based on this user flow, our client gave us the following tasks:

Provide seamless user flow by allowing artists to collect payment and buyers to receive the NFTs they have purchased
Ensure the automatic return of NFTs and funds to their original state if one of the parties did not fulfill the conditions
Add a migration tool to be able to migrate the history of an existing contract to its updated version in case the community or the client wants to add new functionality or change the flow within the smart contract
Ensure that the tokens issued on PRISM could not be sold on other marketplaces as PRISM itself represents a secondary marketplace

Smart contracts and their role in the project

Smart contracts are at the heart of any blockchain-based application as they represent lines of code with transaction conditions embedded in them.

Essentially, they automate transactions, secure the application, and protect the user’s money. Smart contracts also eliminate the participation of any intermediary and the consequent loss of time.

Since large sums of money are transferred through or locked into smart contracts, they often become a target for hackers. Smart contracts should not therefore have any security vulnerabilities, otherwise users run the risk of losing their NFTs and funds — and the platform owner their reputation.

Got an idea? Let’s work together

How we worked on PRISM smart contracts

As the PRISM marketplace is currently running on the Ethereum blockchain, our developers used the Solidity programming language to fix and rewrite smart contracts.

Our team focused on three major points:

Security against hacker attacks and scams

Since buying and selling NFTs is done manually, this concept comes with security risks. We detected more than 20 minor/trivial problems in the initial code, which were preventing perfect optimization. We fixed them in order to secure smart contracts and thereby protect the platform and its users.

The correct operation of the user flow

We were asked to polish smart contracts to eliminate any possibility of malicious actions during the interaction between artists and buyers. We carefully analyzed the code and fixed it so that the parties could not cheat each other in any way.

For example, an artist receives an offer from a buyer and accepts it. The buyer sends their money to the artists, but there is no sign of the NFT for 48 hours. In this case, the buyer will receive their money back. If the artist sends their NFT to the buyer, but the buyer does not confirm receipt of the token, the buyer will receive their money back and the artist will still have their NFT.

Thus, smart contracts define and record every step that the buyer and seller take. If the conditions are not met, the smart contract will return everything to its original state and no one will lose anything.

The ability to resell NFTs only using the PRISM marketplace

We debugged and rewrote smart contracts in such a way that it is now completely impossible to sell NFTs issued by PRISM on any other marketplace.

Once the smart contracts were successfully corrected, they were audited by a third party company. No critical errors were found. Several problems were associated with the original architecture of the project. Other issues were resolved by our team.

Our process step by step

When working on our client's smart contracts, we followed these four steps:

Gathering requirements

Understanding the core problems and goals of the project
Analyzing client’s requirements
Defining the scope of work

Initial analysis of smart contracts

Bugs and issues research
Approving the scope of detected problems and offering solutions

Correction of errors and bugs

Code refactoring and optimization
Adding new features and security coverage

Code testing

Unit testing
Testnet QA process
Stress testing for preventing malicious actions

Results

The PixelPlex and NuPay Technologies collaboration on the PRISM NFT marketplace has been fruitful and has helped the client bring about meaningful transformation to their platform. The marketplace has been operating since February 2022, and our team is proud to have contributed to the project by auditing its smart contracts.

When working with our client, we fulfilled all their requirements, namely:

Ensured the security of smart contracts and thereby the entire system
Preserved and enhanced the original flow between NFT buyers and sellers
Made sure that NFTs did not go beyond the PRISM marketplace
Added a migration tool to enable easy updates of smart contracts in case the community asked for changes

Our work with NuPay Technologies will continue as we both strive to advance blockchain technology and make the world better through innovation.

Services IT R&D RESEARCH & DEVELOPMENT In this ever-evolving tech realm, don't just follow trends — set them.Capitalize on innovation, launch ground-breaking products, and forge new business models for maximum ROI. IT Consulting CONSULTING From complex enterprise tech transformation to the innovative project launch, our team supports businesses at different stages of their projects.Come along, we’ll help you get an edge and play big on the global market. Custom Software Development CUSTOM ENGINEERING Let us have your back in a project of any scale. From user-centric mobile apps to full-blown cross-platform enterprise ecosystems — we’ll bring your concept to life, exactly as you think it should look and work. Mobile App Development MOBILE APP DEVELOPMENT Entrust us with your end-to-end mobile project — from ideation and engineering to app launch and integration.With business growth in mind, we’ll help you hit the market with a slick iOS, Android, or cross-platform app. Mobile App Development iOS App Development Android App Development Cross-Platform App DevelopmentWeb Development WEB DEVELOPMENT Whether you need an app from the ground up or require a legacy system to be updated, we can jump in at any stage.From an accessibility roadmap to post-launch support, we’ll help your business stay strictly legal and competitive. Web Development Web Accessibility Audit Web Accessibility Consulting Accessible Web Development and Design DevSecOps DevSecOps Ensure your software's integrity and efficiency from conception to compliance. UI/UX Design UI/UX DESIGN Give us the pleasure of adding our secret sauce to your app.We’ll create beautiful screens at the front while breaking the limits of what’s behind them to help your app get to beyond-plausible business achievements. QA & Software Testing QA & SOFTWARE TESTING Engage us for integrated quality assurance services, and our experts will advise on QA strategy and optimize software testing costs.We’ll balance manual testing with QA automation to ensure consistent performance for all possible use cases and devices.
Technologies Blockchain BLOCKCHAIN DEVELOPMENT Blockchain Development Blockchain Consulting NFT Development STO Development ZK Rollup Solutions Enterprise Blockchain Development Smart Contracts Development Smart Contract Audit DApp Development Cryptocurrency Exchange DevelopmentData Science DATA SCIENCE Transforming data into growth strategies is our specialty.Leverage our expertise to unlock the potential of your big data and diverse digital assets, driving business growth. Big Data Consulting Data Analytics Business Intelligence Data VisualizationMachine Learning and AI ARTIFICIAL INTELLIGENCE Machine Learning Predictive Analytics Computer Vision Custom AI Development Chatbot Development AR & VR AUGMENTED VIRTUAL REALITY Immerse your customers into a universe of unimaginable and give them truly novel experiences with AR, VR, and Mixed Reality.We'll help define a proper business concept and find a balance between legacy workflows and next-gen customer engagement solutions. Metaverse METAVERSE We create tools, assets, and ecosystems to seamlessly merge real-life and digital worlds within your Metaverse projects.It could be a multi-layer virtual space or a unique artwork item. Either way, we’ll deliver it — ready and working. Connected Devices (IoT) INTERNET-OF-THINGS Aching to handle digital and physical asset management? We build load-resistant IoT services, both enterprise and consumer.Hit us with IoT consulting, app development, back-end engineering, or existing infrastructure revamping – we’ll nail it down.
Industries FinTech & Banking FINTECH & BANKING As traditional finance goes digital, we are committed to building efficient ecosystems and better engagementThink of customized FinTech solutions with tamper-proof transactions and storage, progress transparency and automation — and we’ll make them see the light of day. Retail & eCommerce RETAIL & ECOMMERCE Whether you market B2B or B2C, commerce tech trends are all about value-driven purposes, global sustainability, hybrid shopping journeys, and extra-resiliency.Let your clients know that there’s more to your brand than meets the eye by creating unique customer experiences in all your stores. Supply Chain & Logistics SUPPLY CHAIN & LOGISTICS To make things easier for all vendors, we deliver apps for route and cost optimization, vehicle operational support, and better dispatch time efficiency.With focus is sustainability, resilience, transparency, and immutability, let’s get your transformation going. Healthcare HEALTHCARE Custom healthcare software solutions are aimed at helping you ensure accurate diagnosis, better patient engagement, and positive healthcare outcomes.Whether you require a patient management solution, practice management software, EMR/EHR system, or ML-enabled diagnostics – we’ve got you covered. Real Estate REAL ESTATE Keep up with digital innovation trends by accelerating enterprise transformation and scaling, leveraging data and orchestrating workflows.Whether you manage and sell commercial facilities or invest third-party capital, our integrated solutions help you make the most of it. Oil & Gas OIL & GAS With mobility and digital technologies standing to change the game and define leadership, our mission is to get you digital-first.Resolve operational and conceptual issues by introducing clear tech vision, feasible architectures, and flexible software to take business extension off limits.
Solutions Know-Your-Transaction KYT platform ensures financial integrity, compliance, and proactive risk management. Control your operations seamlessly with real-time API integration. DocFlow Secure workflows, decentralized storage, and total document control. Streamline your processes with our business document management system. Arbitrage Bot Alternate your yield channels, maximize investment efficiency, customize trading strategies, and execute profitable low-risk transactions. CryptoAPI Connect your dApps to blockchains commission-free. No need for heavy database upload, infrastructure updates, or a dedicated engineering team. OTC Hawk Redefine wealth and portfolio management at your firm, outpacing your competitors. Make crypto/fiat trading easy and profitable for your clients.
Success stories Blockchain Government & Enterprise Energy & Utilities Financial Services Supply Chain Healthcare Retail & eCommerce See all projects
Company About us Team News Careers Scholarship CSR Contacts
Blog